Description: Wireshark for Security Professionals by Jessey Bullock, Jeff T. Parker Master Wireshark to solve real-world security problems If you don t already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find root cause of challenging network issues. FORMAT Paperback LANGUAGE English CONDITION Brand New Publisher Description Master Wireshark to solve real-world security problems If you dont already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment. Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether into network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples. Master Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, and the Metasploit Framework, the open-source framework for security testing. Lab-based virtual systems generate network traffic for analysis, investigation and demonstration. In addition to following along with the labs you will be challenged with end-of-chapter exercises to expand on covered material. Lastly, this book explores Wireshark with Lua, the light-weight programming language. Lua allows you to extend and customize Wiresharks features for your needs as a security professional. Lua source code is available both in the book and online. Lua code and lab source code are available online through GitHub, which the book also introduces. The books final two chapters greatly draw on Lua and TShark, the command-line interface of Wireshark. By the end of the book you will gain the following: Master the basics of WiresharkExplore the virtual w4sp-lab environment that mimics a real-world networkGain experience using the Debian-based Kali OS among other systemsUnderstand the technical details behind network attacksExecute exploitation and grasp offensive and defensive activities, exploring them through WiresharkEmploy Lua to extend Wireshark features and create useful scripts To sum up, the book content, labs and online material, coupled with many referenced sources of PCAP traces, together present a dynamic and robust manual for information security professionals seeking to leverage Wireshark. Back Cover An essential guide to network security and the feature-packed Wireshark toolset Open source protocol analyzer Wireshark is the de facto analysis tool across many fields, including the security field. Wireshark provides a powerful feature set that allows you to inspect your network at a microscopic level. The diverse features and support for numerous protocols make Wireshark an invaluable security tool, but also difficult or intimidating for newcomers to learn. Wireshark for Security Professionals is the answer, helping you to leverage Wireshark and related tools such as the command line TShark application quickly and effectively. Coverage includes a complete primer on Metasploit, the powerful offensive tool, as well as Lua, the popular scripting language. This highly practical guide gives you the insight you need to successfully apply what youve learned in the real world. Examples show you how Wireshark is used in an actual network with the provided Docker virtual environment, and basic networking and security principles are explained in detail to help you understand the why along with the how . Using the Kali Linux penetration testing distribution in combination with the virtual lab and provided network captures, you can follow along with the numerous examples or even start practicing right away in a safe network environment. The hands-on experience is made even more valuable by the emphasis on cohesive application, helping you exploit and expand Wiresharks full functionality by extending Wireshark or integrating it with other security tools. With coverage of both offensive and defensive security tools and techniques, Wireshark for Security Professionals shows you how to secure any network as you learn to: Understand the basics of Wireshark and the related toolset as well as the Metasploit Framework Explore the Lua scripting language and how it can be used to extend Wireshark Perform common offensive and defensive security research tasks with Wireshark Gain hands-on experience in a Docker virtual lab environment that replicates real-world enterprise networks Capture packets using advanced MitM techniques Customize the provided source code to expand your toolset Flap An essential guide to network security and the feature-packed Wireshark toolset Open source protocol analyzer Wireshark is the de facto analysis tool across many fields, including the security field. Wireshark provides a powerful feature set that allows you to inspect your network at a microscopic level. The diverse features and support for numerous protocols make Wireshark an invaluable security tool, but also difficult or intimidating for newcomers to learn. Wireshark for Security Professionals is the answer, helping you to leverage Wireshark and related tools such as the command line TShark application quickly and effectively. Coverage includes a complete primer on Metasploit, the powerful offensive tool, as well as Lua, the popular scripting language. This highly practical guide gives you the insight you need to successfully apply what youve learned in the real world. Examples show you how Wireshark is used in an actual network with the provided Docker virtual environment, and basic networking and security principles are explained in detail to help you understand the why along with the how . Using the Kali Linux penetration testing distribution in combination with the virtual lab and provided network captures, you can follow along with the numerous examples or even start practicing right away in a safe network environment. The hands-on experience is made even more valuable by the emphasis on cohesive application, helping you exploit and expand Wiresharks full functionality by extending Wireshark or integrating it with other security tools. With coverage of both offensive and defensive security tools and techniques, Wireshark for Security Professionals shows you how to secure any network as you learn to: Understand the basics of Wireshark and the related toolset as well as the Metasploit Framework Explore the Lua scripting language and how it can be used to extend Wireshark Perform common offensive and defensive security research tasks with Wireshark Gain hands-on experience in a Docker virtual lab environment that replicates real-world enterprise networks Capture packets using advanced MitM techniques Customize the provided source code to expand your toolset Author Biography JESSEY BULLOCK is a Senior Application Security Engineer with a game company. Having previously worked at both NGS and iSEC Partners as a consultant, he has a deep understanding of application security and development, operating systems internals, and networking protocols. Jessey has experience working across multiple industry sectors, including health care, education, and security. Jessey holds multiple security certifications, including CISSP, CCNA, CWNA, GCFE, CompTIA Security+, CompTIA A+, OSCP, GPEN, CEH, and GXPN. JEFF T. PARKER is a seasoned IT security consultant with a career spanning 3 countries and as many Fortune 1OO companies. Now in Halifax, Canada, Jeff enjoys life most with his two young children, hacking professionally while theyre in school. Table of Contents Introduction xiii Chapter 1 Introducing Wireshark 1 What Is Wireshark? 2 A Best Time to Use Wireshark? 2 Avoiding Being Overwhelmed 3 The Wireshark User Interface 3 Packet List Pane 5 Packet Details Pane 6 Packet Bytes Pane 8 Filters 9 Capture Filters 9 Display Filters 13 Summary 17 Exercises 18 Chapter 2 Setting Up the Lab 19 Kali Linux 20 Virtualization 22 Basic Terminology and Concepts 23 Benefits of Virtualization 23 Virtual Box 24 Installing VirtualBox 24 Installing the VirtualBox Extension Pack 31 Creating a Kali Linux Virtual Machine 33 Installing Kali Linux 40 The W4SP Lab 46 Requirements 46 A Few Words about Docker 47 What Is GitHub? 48 Creating the Lab User 49 Installing the W4SP Lab on the Kali Virtual Machine 50 Setting Up the W4SP Lab 53 The Lab Network 54 Summary 55 Exercises 56 Chapter 3 The Fundamentals 57 Networking 58 OSI Layers 58 Networking between Virtual Machines 61 Security 63 The Security Triad 63 Intrusion Detection and Prevention Systems 63 False Positives and False Negatives 64 Malware 64 Spoofing and Poisoning 66 Packet and Protocol Analysis 66 A Protocol Analysis Story 67 Ports and Protocols 71 Summary 73 Exercises 74 Chapter 4 Capturing Packets 75 Sniffing 76 Promiscuous Mode 76 Starting the First Capture 78 TShark 82 Dealing with the Network 86 Local Machine 87 Sniffing Localhost 88 Sniffing on Virtual Machine Interfaces 92 Sniffing with Hubs 96 SPAN Ports 98 Network Taps 101 Transparent Linux Bridges 103 Wireless Networks 105 Loading and Saving Capture Files 108 File Formats 108 Ring Buffers and Multiple Files 111 Recent Capture Files 116 Dissectors 118 W4SP Lab: Managing Nonstandard HTTP Traffic 118 Filtering SMB Filenames 120 Packet Colorization 123 Viewing Someone Elses Captures 126 Summary 127 Exercises 128 Chapter 5 Diagnosing Attacks 129 Attack Type: Man-in-the-Middle 130 Why MitM Attacks Are Effective 130 How MitM Attacks Get Done: ARP 131 W4SP Lab: Performing an ARP MitM Attack 133 W4SP Lab: Performing a DNS MitM Attack 141 How to Prevent MitM Attacks 147 Attack Type: Denial of Service 148 Why DoS Attacks Are Effective 149 How DoS Attacks Get Done 150 How to Prevent DoS Attacks 155 Attack Type: Advanced Persistent Threat 156 Why APT Attacks Are Effective 156 How APT Attacks Get Done 157 Example APT Traffic in Wireshark 157 How to Prevent APT Attacks 161 Summary 162 Exercises 162 Chapter 6 Offensive Wireshark 163 Attack Methodology 163 Reconnaissance Using Wireshark 165 Evading IPS/IDS 168 Session Splicing and Fragmentation 168 Playing to the Host, Not the IDS 169 Covering Tracks and Placing Backdoors 169 Exploitation 170 Setting Up the W4SP Lab with Metasploitable 171 Launching Metasploit Console 171 VSFTP Exploit 172 Debugging with Wireshark 173 Shell in Wireshark 175 TCP Stream Showing a Bind Shell 176 TCP Stream Showing a Reverse Shell 183 Starting ELK 188 Remote Capture over SSH 190 Summary 191 Exercises 192 Chapter 7 Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing 193 Decrypting SSL/TLS 193 Decrypting SSL/TLS Using Private Keys 195 Decrypting SSL/TLS Using Session Keys 199 USB and Wireshark 202 Capturing USB Traffic on Linux 203 Capturing USB Traffic on Windows 206 TShark Keylogger 208 Graphing the Network 212 Lua with Graphviz Library 213 Summary 218 Exercises 219 Chapter 8 Scripting with Lua 221 Why Lua? 222 Scripting Basics 223 Variables 225 Functions and Blocks 226 Loops 228 Conditionals 230 Setup 230 Checking for Lua Support 231 Lua Initialization 232 Windows Setup 233 Linux Setup 233 Tools 234 Hello World with TShark 236 Counting Packets Script 237 ARP Cache Script 241 Creating Dissectors for Wireshark 244 Dissector Types 245 Why a Dissector Is Needed 245 Experiment 253 Extending Wireshark 255 Packet Direction Script 255 Marking Suspicious Script 257 Snooping SMB File Transfers 260 Summary 262 Index 265 Long Description An essential guide to network security and the feature-packed Wireshark toolset Open source protocol analyzer Wireshark is the de facto analysis tool across many fields, including the security field. Wireshark provides a powerful feature set that allows you to inspect your network at a microscopic level. The diverse features and support for numerous protocols make Wireshark an invaluable security tool, but also difficult or intimidating for newcomers to learn. Wireshark for Security Professionals is the answer, helping you to leverage Wireshark and related tools such as the command line TShark application quickly and effectively. Coverage includes a complete primer on Metasploit, the powerful offensive tool, as well as Lua, the popular scripting language. This highly practical guide gives you the insight you need to successfully apply what youve learned in the real world. Examples show you how Wireshark is used in an actual network with the provided Docker virtual environment, and basic networking and security principles are explained in detail to help you understand the why along with the how . Using the Kali Linux penetration testing distribution in combination with the virtual lab and provided network captures, you can follow along with the numerous examples or even start practicing right away in a safe network environment. The hands-on experience is made even more valuable by the emphasis on cohesive application, helping you exploit and expand Wiresharks full functionality by extending Wireshark or integrating it with other security tools. With coverage of both offensive and defensive security tools and techniques, Wireshark for Security Professionals shows you how to secure any network as you learn to: Understand the basics of Wireshark and the related toolset as well as the Metasploit Framework Explore the Lua scripting language and how it can be used to extend Wireshark Perform common offensive and defensive security research tasks with Wireshark Gain hands-on experience in a Docker virtual lab environment that replicates real-world enterprise networks Capture packets using advanced MitM techniques Customize the provided source code to expand your toolset Details ISBN1118918215 Publisher John Wiley & Sons Inc ISBN-10 1118918215 ISBN-13 9781118918210 Format Paperback Media Book Short Title WIRESHARK FOR SECURITY PROFESS Language English DEWEY 005.8 Edition 1st Subtitle Using Wireshark and the Metasploit Framework Place of Publication New York Country of Publication United States Pages 288 Year 2017 Publication Date 2017-05-12 UK Release Date 2017-05-12 AU Release Date 2017-03-10 NZ Release Date 2017-03-10 Author Jeff T. Parker Imprint John Wiley & Sons Inc Audience Professional & Vocational US Release Date 2017-05-12 We've got this At The Nile, if you're looking for it, we've got it. With fast shipping, low prices, friendly service and well over a million items - you're bound to find what you want, at a price you'll love! TheNile_Item_ID:159854806;
Price: 71.12 AUD
Location: Melbourne
End Time: 2024-11-21T03:07:21.000Z
Shipping Cost: 10.08 AUD
Product Images
Item Specifics
Restocking fee: No
Return shipping will be paid by: Buyer
Returns Accepted: Returns Accepted
Item must be returned within: 30 Days
ISBN-13: 9781118918210
Book Title: Wireshark for Security Professionals
Item Height: 239 mm
Item Width: 188 mm
Author: Jeff T. Parker, Jessey Bullock
Publication Name: Wireshark for Security Professionals: Using Wireshark and the Metasploit Framework
Format: Paperback
Language: English
Publisher: John Wiley & Sons Inc
Subject: Computer Science
Publication Year: 2017
Type: Textbook
Item Weight: 524 g
Number of Pages: 288 Pages